Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term Service Control Policy (SCP)

Training Camp • Cybersecurity Glossary

What is Service Control Policy (SCP)?

Service Control Policy SCP: AWS Organizations guardrails that cap the maximum permissions for accounts, enforcing org-wide security boundaries.

Glossary > Cloud Security > Service Control Policy (SCP)

Understanding Service Control Policy (SCP)

A Service Control Policy SCP is an AWS Organizations feature that sets the maximum available permissions for accounts in an organization, acting as a guardrail that filters what IAM users and roles can do. SCPs do not grant permissions themselves; they define a permission ceiling, so an action is only allowed when both the SCP and the account's identity-based or resource-based policies permit it. They are commonly used to enforce regional restrictions, block root account usage, and prevent disabling of logging or security services.

Learn More About Service Control Policy (SCP):

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →